ClearFoundation

I've found a persistent XSS vulnerability in the webconfig. Although the attack surface is limited it's still a practical attack against Webconfig Administrators. If someone could contact me regarding it that would be good. I've sent an email to security@clearfoundation.com about it but I didn't have much success the last time I reported something there but did have marginal success with the forum, so here I am.

Should be noted, those without the IDS are more exposed as the attack surface is larger.

J,

You sent the e-mail two hours ago. A good chunk of the Clear Team isn't even awake yet! You may want to give us a wee bit more time next time around.

I didn't include the specific details in the post but I also wasn't completely generic like last time and I've found a better response time on the forum rather then email, also, there wasn't a problem the time before that (although that was an actual question).